Injection attacks are a major class of vulnerability in applications on conventional networks (for example, the Internet). This class of attacks has broadened with the emerging generation of non-relational databases (for example, NoSQL). For many of these databases, a variety of new query techniques have been introduced (such as JavaScript Object Notation (JSON)-based or parameterized function calls). These simplified methods make database access more straightforward but also introduce vulnerabilities that permit injection attacks.
NoSQL injection attacks are a class of attacks against non-relational databases that cause unintended behavior of a query, or of operations associated with the query, by inserting malicious data into the context of the query. In some implementations, these vulnerabilities originate from non-validated user input used as, or as part of, a database query. Depending on the attacked database, injected input is crafted to manipulate the semantic query structures executed within the database layer, affecting the confidentiality, integrity, or availability of data. In general, an attacker has to influence a semantic query structure in order to compromise the targeted security goals.
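The following added example (not part of the original text) shows how non-validated input alters the semantic structure of a JSON-based query, next to a hardened builder and a shape check that detects the change. It assumes a MongoDB-style filter syntax in which "$"-prefixed keys are operators; the field names, function names and request bodies are constructed for illustration.

```javascript
// Added example; assumes MongoDB-style JSON filters where "$"-prefixed keys
// are operators. Field names and sample bodies are constructed.

// Naive: parsed request values go straight into the filter, so a client that
// sends an object instead of a string decides part of the query structure.
function buildFilterNaive(body) {
  return { account: body.account, invoiceId: body.invoiceId };
}

// Hardened: every value must be a string, so the structure is fixed by the
// application and user input can only ever be a leaf value.
function buildFilterStrict(body) {
  const filter = {};
  for (const field of ["account", "invoiceId"]) {
    if (typeof body[field] !== "string") {
      throw new TypeError(`${field} must be a string`);
    }
    filter[field] = body[field];
  }
  return filter;
}

// Reduce a filter to its shape: keys are kept, leaf values become type names.
// Two filters with the same shape have the same semantic query structure.
function queryShape(node) {
  if (node === null) return "null";
  if (Array.isArray(node)) return `[${node.map(queryShape).join(",")}]`;
  if (typeof node !== "object") return typeof node;
  const parts = Object.keys(node).sort().map((k) => `${k}:${queryShape(node[k])}`);
  return `{${parts.join(",")}}`;
}

const EXPECTED_SHAPE = "{account:string,invoiceId:string}";

// Detection check: true when the built filter deviates from the intended shape.
function structureChanged(filter) {
  return queryShape(filter) !== EXPECTED_SHAPE;
}

// Constructed request bodies, as a JSON body parser would deliver them.
const benign = JSON.parse('{"account": "acme", "invoiceId": "2024-0017"}');
const crafted = JSON.parse('{"account": "acme", "invoiceId": {"$ne": null}}');

console.log(structureChanged(buildFilterNaive(benign)));   // false
console.log(structureChanged(buildFilterNaive(crafted)));  // true
try { buildFilterStrict(crafted); } catch (e) { console.log(e.message); }
```

The strict builder rejects the crafted body before any query is issued, while the shape comparison can be logged as a detection signal wherever filters are still assembled from parsed input.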